./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1034986083 <...> DUID 00:04:ab:86:5b:51:31:5e:ac:a3:74:55:84:ab:cd:90:ff:3d forked to background, child pid 4657 [ 34.810241][ T4658] 8021q: adding VLAN 0 to HW filter on device bond0 [ 34.828801][ T4658] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.101' (ECDSA) to the list of known hosts. execve("./syz-executor1034986083", ["./syz-executor1034986083"], 0x7ffdeffca9b0 /* 10 vars */) = 0 brk(NULL) = 0x5555565e4000 brk(0x5555565e4c40) = 0x5555565e4c40 arch_prctl(ARCH_SET_FS, 0x5555565e4300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1034986083", 4096) = 28 brk(0x555556605c40) = 0x555556605c40 brk(0x555556606000) = 0x555556606000 mprotect(0x7f61b2cd0000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565e45d0) = 5082 ./strace-static-x86_64: Process 5082 attached [pid 5082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5082] setpgid(0, 0) = 0 [pid 5082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5082] write(3, "1000", 4) = 4 [pid 5082] close(3) = 0 [pid 5082] memfd_create("syzkaller", 0) = 3 [pid 5082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f61aa7f4000 syzkaller login: [ 56.764712][ T5082] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5082 'syz-executor103' [pid 5082] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5082] munmap(0x7f61aa7f4000, 16777216) = 0 [pid 5082] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5082] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5082] close(3) = 0 [pid 5082] mkdir("./file0", 0777) = 0 [ 57.009340][ T5082] loop0: detected capacity change from 0 to 32768 [ 57.024582][ T5082] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 57.033952][ T5082] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 57.048823][ T5082] gfs2: fsid=syz:syz.0: journal 0 mapped with 3 extents in 0ms [ 57.058145][ T897] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 57.064996][ T897] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [pid 5082] mount("/dev/loop0", "./file0", "gfs2", MS_SYNCHRONOUS|MS_POSIXACL, "nodiscard,rgrplvb,noloccookie,statfs_quantum=0x0000000000000000,quota,nosuiddir," [pid 5081] kill(-5082, SIGKILL) = 0 [pid 5081] kill(5082, SIGKILL) = 0 [pid 5081] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5081] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 5081] getdents64(3, 0x5555565e5620 /* 2 entries */, 32768) = 48 [pid 5081] getdents64(3, 0x5555565e5620 /* 0 entries */, 32768) = 0 [pid 5081] close(3) = 0 [ 76.267906][ T7] cfg80211: failed to load regulatory.db [ 286.185927][ T28] INFO: task kworker/0:2:897 blocked for more than 143 seconds. [ 286.193866][ T28] Not tainted 6.2.0-next-20230303-syzkaller #0 [ 286.200607][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.209336][ T28] task:kworker/0:2 state:D stack:27288 pid:897 ppid:2 flags:0x00004000 [ 286.218663][ T28] Workqueue: gfs_recovery gfs2_recover_func [ 286.224626][ T28] Call Trace: [ 286.228002][ T28] [ 286.230950][ T28] __schedule+0x24b4/0x5ac0 [ 286.235492][ T28] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 286.241563][ T28] ? find_held_lock+0x2d/0x110 [ 286.246422][ T28] ? io_schedule_timeout+0x150/0x150 [ 286.251715][ T28] ? _raw_spin_unlock_irq+0x23/0x50 [ 286.256969][ T28] ? lockdep_hardirqs_on+0x7d/0x100 [ 286.262187][ T28] schedule+0xde/0x1a0 [ 286.266305][ T28] io_schedule+0xbe/0x130 [ 286.270671][ T28] folio_wait_bit_common+0x394/0x9b0 [ 286.276068][ T28] ? filemap_get_folios_contig+0xa70/0xa70 [ 286.281910][ T28] ? filemap_add_folio+0x1e0/0x1e0 [ 286.287067][ T28] ? folio_unlock+0xd0/0xd0 [ 286.291624][ T28] ? __get_log_header.part.0+0x89/0x430 [ 286.297245][ T28] gfs2_jhead_process_page.isra.0+0x515/0x600 [ 286.303334][ T28] ? revoke_lo_scan_elements+0x6a0/0x6a0 [ 286.309035][ T28] gfs2_find_jhead+0xa0b/0xd00 [ 286.313832][ T28] ? databuf_lo_before_commit+0x100/0x100 [ 286.319626][ T28] gfs2_recover_func+0x6ad/0x1e40 [ 286.324687][ T28] ? save_trace+0x29e/0xb20 [ 286.329382][ T28] ? _find_first_zero_bit+0x94/0xb0 [ 286.334657][ T28] ? __get_log_header+0xf0/0xf0 [ 286.339630][ T28] ? __lock_acquire+0x27b0/0x5d40 [ 286.344704][ T28] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 286.350733][ T28] ? lock_downgrade+0x690/0x690 [ 286.355614][ T28] ? debug_object_deactivate+0x105/0x300 [ 286.361389][ T28] ? lock_release+0x780/0x780 [ 286.366122][ T28] ? process_one_work+0x8a1/0x1820 [ 286.371275][ T28] ? rcu_read_lock_sched_held+0x3e/0x70 [ 286.376899][ T28] ? trace_lock_acquire+0x1f1/0x2b0 [ 286.382125][ T28] process_one_work+0x9bf/0x1820 [ 286.387120][ T28] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 286.392523][ T28] ? rcu_read_lock_sched_held+0x3e/0x70 [ 286.398131][ T28] ? spin_bug+0x1c0/0x1c0 [ 286.402486][ T28] ? lock_acquire+0x32/0xc0 [ 286.407026][ T28] ? worker_thread+0x16d/0x1090 [ 286.411904][ T28] worker_thread+0x669/0x1090 [ 286.416655][ T28] ? __kthread_parkme+0x163/0x220 [ 286.421697][ T28] ? process_one_work+0x1820/0x1820 [ 286.426948][ T28] kthread+0x2e8/0x3a0 [ 286.431068][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 286.436762][ T28] ret_from_fork+0x1f/0x30 [ 286.441214][ T28] [ 286.444292][ T28] INFO: task syz-executor103:5082 blocked for more than 143 seconds. [ 286.452426][ T28] Not tainted 6.2.0-next-20230303-syzkaller #0 [ 286.459180][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.467881][ T28] task:syz-executor103 state:D stack:25672 pid:5082 ppid:5081 flags:0x00004004 [ 286.477177][ T28] Call Trace: [ 286.480461][ T28] [ 286.483388][ T28] __schedule+0x24b4/0x5ac0 [ 286.487968][ T28] ? io_schedule_timeout+0x150/0x150 [ 286.493286][ T28] ? preempt_schedule_thunk+0x1a/0x20 [ 286.498723][ T28] ? preempt_schedule_common+0x45/0xb0 [ 286.504218][ T28] schedule+0xde/0x1a0 [ 286.508349][ T28] bit_wait+0x16/0xe0 [ 286.512344][ T28] __wait_on_bit+0x64/0x180 [ 286.516905][ T28] ? bit_wait_io+0xe0/0xe0 [ 286.521339][ T28] out_of_line_wait_on_bit+0xd9/0x110 [ 286.526748][ T28] ? __wait_on_bit+0x180/0x180 [ 286.531525][ T28] ? group_init+0x6b0/0x6b0 [ 286.536259][ T28] ? queue_work_on+0xb7/0x110 [ 286.540967][ T28] gfs2_recover_journal+0x135/0x150 [ 286.546245][ T28] init_inodes+0x2140/0x2c80 [ 286.550865][ T28] ? end_bio_io_page+0xd0/0xd0 [ 286.555627][ T28] ? pointer+0xc50/0xc50 [ 286.559948][ T28] ? gfs2_fill_super+0x1a75/0x2b20 [ 286.565085][ T28] ? snprintf+0xbf/0x100 [ 286.569372][ T28] ? vsnprintf+0x1700/0x1710 [ 286.573981][ T28] ? gfs2_read_super+0x1930/0x1930 [ 286.579167][ T28] ? __debugfs_create_file+0x3b6/0x5e0 [ 286.584702][ T28] gfs2_fill_super+0x1a75/0x2b20 [ 286.589696][ T28] ? gfs2_reconfigure+0x1060/0x1060 [ 286.594941][ T28] ? gfs2_fill_super+0x1782/0x2b20 [ 286.600145][ T28] ? snprintf+0xbf/0x100 [ 286.604425][ T28] ? vsprintf+0x30/0x30 [ 286.608672][ T28] ? wait_for_completion_io_timeout+0x20/0x20 [ 286.614777][ T28] ? set_blocksize+0x2d2/0x370 [ 286.619639][ T28] get_tree_bdev+0x444/0x760 [ 286.624299][ T28] ? gfs2_reconfigure+0x1060/0x1060 [ 286.629543][ T28] gfs2_get_tree+0x4e/0x270 [ 286.634070][ T28] vfs_get_tree+0x8d/0x350 [ 286.638551][ T28] path_mount+0x1342/0x1e40 [ 286.643099][ T28] ? kmem_cache_free+0xec/0x4e0 [ 286.648016][ T28] ? finish_automount+0x9b0/0x9b0 [ 286.653070][ T28] ? putname+0x102/0x140 [ 286.657409][ T28] __x64_sys_mount+0x283/0x300 [ 286.662204][ T28] ? copy_mnt_ns+0xb30/0xb30 [ 286.666991][ T28] ? lockdep_hardirqs_on+0x7d/0x100 [ 286.672216][ T28] ? _raw_spin_unlock_irq+0x2e/0x50 [ 286.677471][ T28] ? ptrace_notify+0xfe/0x140 [ 286.682172][ T28] do_syscall_64+0x39/0xb0 [ 286.686661][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 286.692961][ T28] RIP: 0033:0x7f61b2c4293a [ 286.697433][ T28] RSP: 002b:00007ffd61679618 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5 [ 286.705892][ T28] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f61b2c4293a [ 286.713856][ T28] RDX: 0000000020021140 RSI: 0000000020021180 RDI: 00007ffd61679630 [ 286.721877][ T28] RBP: 00007ffd61679630 R08: 00007ffd61679670 R09: 0000000000000002 [ 286.729923][ T28] R10: 0000000000010010 R11: 0000000000000282 R12: 0000000000000004 [ 286.738012][ T28] R13: 00005555565e42c0 R14: 0000000000010010 R15: 00007ffd61679670 [ 286.746137][ T28] [ 286.749209][ T28] [ 286.749209][ T28] Showing all locks held in the system: [ 286.757340][ T28] 1 lock held by rcu_tasks_kthre/12: [ 286.762628][ T28] #0: ffffffff8c7964f0 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x31/0xd80 [ 286.773173][ T28] 1 lock held by rcu_tasks_trace/13: [ 286.778522][ T28] #0: ffffffff8c7961f0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x31/0xd80 [ 286.789531][ T28] 1 lock held by khungtaskd/28: [ 286.794384][ T28] #0: ffffffff8c797040 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x51/0x390 [ 286.804318][ T28] 2 locks held by kworker/0:2/897: [ 286.809456][ T28] #0: ffff888145e0f938 ((wq_completion)gfs_recovery){+.+.}-{0:0}, at: process_one_work+0x86d/0x1820 [ 286.820394][ T28] #1: ffffc900052dfda8 ((work_completion)(&jd->jd_work)){+.+.}-{0:0}, at: process_one_work+0x8a1/0x1820 [ 286.831731][ T28] 1 lock held by klogd/4434: [ 286.836361][ T28] #0: ffff8880b993c298 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2f/0x120 [ 286.846349][ T28] 2 locks held by getty/4760: [ 286.851031][ T28] #0: ffff888028701098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x26/0x80 [ 286.860908][ T28] #1: ffffc900015802f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xef4/0x13e0 [ 286.871134][ T28] 1 lock held by syz-executor103/5082: [ 286.876669][ T28] #0: ffff8880294540e0 (&type->s_umount_key#41/1){+.+.}-{3:3}, at: alloc_super+0x22e/0xb60 [ 286.886870][ T28] [ 286.889200][ T28] ============================================= [ 286.889200][ T28] [ 286.897655][ T28] NMI backtrace for cpu 0 [ 286.901986][ T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.2.0-next-20230303-syzkaller #0 [ 286.910906][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023 [ 286.920945][ T28] Call Trace: [ 286.924216][ T28] [ 286.927134][ T28] dump_stack_lvl+0xd9/0x150 [ 286.931754][ T28] nmi_cpu_backtrace+0x316/0x3e0 [ 286.936691][ T28] nmi_trigger_cpumask_backtrace+0x3a7/0x460 [ 286.942665][ T28] ? lapic_can_unplug_cpu+0xa0/0xa0 [ 286.947879][ T28] watchdog+0xe94/0x11e0 [ 286.952130][ T28] ? proc_dohung_task_timeout_secs+0x80/0x80 [ 286.958105][ T28] kthread+0x2e8/0x3a0 [ 286.962174][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 286.967803][ T28] ret_from_fork+0x1f/0x30 [ 286.972221][ T28] [ 286.975348][ T28] Sending NMI from CPU 0 to CPUs 1: [ 286.980599][ C1] NMI backtrace for cpu 1 skipped: idling at acpi_safe_halt+0x40/0x50 [ 286.986091][ T28] Kernel panic - not syncing: hung_task: blocked tasks [ 286.986102][ T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.2.0-next-20230303-syzkaller #0 [ 286.986126][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023 [ 286.986138][ T28] Call Trace: [ 286.986144][ T28] [ 286.986152][ T28] dump_stack_lvl+0xd9/0x150 [ 286.986192][ T28] panic+0x688/0x730 [ 286.986251][ T28] ? panic_smp_self_stop+0x90/0x90 [ 286.986286][ T28] ? preempt_schedule_thunk+0x1a/0x20 [ 286.986326][ T28] ? watchdog+0xc20/0x11e0 [ 286.986359][ T28] watchdog+0xc31/0x11e0 [ 286.986388][ T28] ? proc_dohung_task_timeout_secs+0x80/0x80 [ 286.986418][ T28] kthread+0x2e8/0x3a0 [ 286.986442][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 286.986473][ T28] ret_from_fork+0x1f/0x30 [ 286.986519][ T28] [ 286.989983][ T28] Kernel Offset: disabled [ 287.076650][ T28] Rebooting in 86400 seconds..